Endpoint Protection

Hello-

I have dug through the forums and haven't been able to find an answer ( which probably tells me it can't be done.)

I am using SEP 11.0.700.975, and have to deploy the product to thousands of pc's out in the field.  I am unable to use a newer version of SEP at this time until issues out of my control are taken care of.  All of the clients are unmanaged, again due to issues out of my control.

I have two issues.

1.  I have the firewall rules configured for the clients, based upon their job role and/or location.  I have exported these rules into various .sar files.  I am able to script the import of these rules into the client after the install, BUT the default rules that SEP has in place are still present.  Is it possible either script the deletioin of those rules prior to importing the sar file OR configure the install to only use the custom rules during the install?

2.  Other than using SEPM, is it possible to configure the defaults for scan settings?  Ie: scheduled scans, default actions, exclusions.

My goal is to completely automate the install process so that the end user doesn't have to run through a lengthy install guide.  I want to configure firewall rules and scan settings.

If both of these can be done by building a custom install package using SEPM, any details would be appreciated.

Hopefuly I have provided enough details.

Hi,

sincerly, trying to manage unmanaged clients is a paradox.

Beppe is correct - quite a paradox. 

* * * * * * *

But yes it can be done.

* * * * * * *

You will require an SEPM.

You will need the SEP CD1 which contains the unamanaged installer.

You will need to define many groups in your SEPM (depending on the firewall settings).

* * * * * * * * *

For point number 1 - it comes in 2 parts.

** Part 1 - 1 **

I will not redo the screenshots, but rather ask that you + 1 Barkha for his contribution in this link (once for the screenshot and once for the explanation)

https://www-secure.symantec.com/connect/forums/unlock-administrator-defined-scans

Essentially this is it:

Create a group in SEPM with the policies and all the settings the way you want them to be.  I.E. Go to the AV/AS policy and set the scan schedule the way you want it (daily, weekly, hourly, etc.)

Setup you firewall rules the way you want them (removing the defaults or anything else you don't want)

When you export the package from SEPM, select the client group which has the policies the way you configured them for your clients. Add a check mark in the box to export, "export policy settings from the same group".

This will add the policy settings to the Managed client.  Yes I said managed.

Preferably, you want to export as an .MSI

We now have one managed client install package - configured with the scan schedules, firewall rules, etc. that we want. 

** Part 1 - 2 **

We now go to the installation folder with the unmanaged client.  Here we will acquire the SYLINK.XML file which is very different from the one we just created in our managed client. 

We go to our newly exported MSI file and replace the SYLINK.XML file with that which comes from the unmanaged client folder.  Thus we turn our Managed export with all our settings into an Unmanaged client with all our settings. 

* * * * * * * * * * * * * * *

OOPS!  I guess I answered both of your questions above. 

* * * Optional portion * * *

Now, since we have an MSI exported for our clients, which has multiple files...  we might want to build a single MSI package for all this;

We can now build our own MSI package. 

You can use such tools as:

- WPKG

- NSIS

- Wise Package Studio

- And many many more

* * * Very optional above * * *

If you dont need to do it, I wouldn't recommend it.  Of course, it's good to have knowledge of re-packaging and packaging into MSI files.  Just another notch in the IT ToolBelt - AKA skill set.

Jason-

I will build the packages I need and try this.

I do agree with Beppe, as well.  I am still fighting that battle with the powers that be, but in the mean time I need to make it happen.

Again, thank you for your prompt response!

Mark